On Thu, 09 Nov 2006 16:16:59 -0000, Jeff Macdonald
On Thu, Nov 09, 2006 at 12:33:49PM -0000, Charles Lindsey wrote:
Which is where we need sites on which "reputations" can be queried. I
envisage these will operate rather like the present DNSBL blacklists.
choose such a site that you trust, and then ask its advice on the action
you should take according to the signer, From address, etc. I would
suppose that phishers own domains would rapidly acquire a rather poor
reputation (and the advice should be to "delete all mail where the
signature succeeds, and even where it doesn't").
Reputation has to start as neutral or negative. One can not start out
with a good reputation. Phishers don't need their domains to be around
that long to make some money.
Starting with a negative reputation means legitimate small companies
will be penalized. A possible solution to that is accreditation.
Yes, reputation is neutral if there is no evidence to suggest otherwise.
But what I have in mind is the organizations that currently publish
DNS-based blacklists of spams such as spamhaus.org, which curently seems
to hold the best reputation among them.
These organizations try to spot spams/phishes/whatever with hours of their
appearance (mainly by the use of honeypots AIUI) and promptly put them in
their blacklists (this will tend to catch both spam-friendly ISPs and
In the future, I would be expecting such organizations also to be
maintaining blacklists of signers with bad reputations, and I would expect
a phisher who started sending signed phishes from a look-alike domain
would find himself in such a blacklist within hours.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
NOTE WELL: This list operates according to